phpMyAdmin is a free software tool written in PHP that is intended to handle the administration of a MySQL or MariaDB database server. You can use phpMyAdmin to perform most administration tasks, including creating a database, running queries, and adding user accounts.
A flaw was discovered with how warning messages are displayed while importing a file. This attack requires a specially-crafted file but can allow an attacker to trick the user in to executing a cross-site scripting (XSS) attack.
In addition to the security fixes, this release also includes these bug fixes and more as part of our regular release cycle:
- An error where a database is named 0
- Fix for NULL as default not being shown
- Fix for recent tables list
- Fix for slow performance with table filtering
- Two-factor authentication (2FA) fails if the GD PHP library is missing
- Event scheduler toggle does not work
- ERR_BLOCKED_BY_XSS_AUDITOR error when exporting a table
- PHP 7.3 warning: “continue” in “switch” is equal to “break”